How severe is CVE-2024-30407?

This vulnerability has a severity rating of CRITICAL with a CVSS score of 8.1 out of 10.

What type of vulnerability is CVE-2024-30407?

This is classified as CWE-321, which is a common weakness in software security.

CVE-2024-30407 - CRITICAL Severity | CVSS 8.1

Vulnerability Description

The Use of a Hard-coded Cryptographic Key vulnerability in Juniper Networks Juniper Cloud Native Router (JCNR) and containerized routing Protocol Deamon (cRPD) products allows an attacker to perform Person-in-the-Middle (PitM) attacks which results in complete compromise of the container. Due to hardcoded SSH host keys being present on the container, a PitM attacker can intercept SSH traffic without being detected. This issue affects Juniper Networks JCNR: * All versions before 23.4. This issue affects Juniper Networks cRPD: * All versions before 23.4R1.

Related Vulnerabilities

CVE-2020-10884

HIGH

CVSS:8.1(High)

This vulnerability allows network-adjacent attackers execute arbitrary code on affected installations of TP-Link Archer A7 Firmware Ver: 190726 AC1750 routers. Authentication is not required to exploi...

CWE-3212020

CVE-2022-20773

HIGH

CVSS:8.1(High)

A vulnerability in the key-based SSH authentication mechanism of Cisco Umbrella Virtual Appliance (VA) could allow an unauthenticated, remote attacker to impersonate a VA. This vulnerability is due to...

CWE-3212022

CVE-2023-0391

HIGH

CVSS:8.1(High)

MGT-COMMERCE CloudPanel ships with a static SSL certificate to encrypt communications to the administrative interface, shared across every installation of CloudPanel. This behavior was observed in ver...

CWE-3212023

CVE-2024-1920

HIGH

CVSS:8.1(High)

A vulnerability, which was classified as critical, has been found in osuuu LightPicture up to 1.2.2. This issue affects the function handle of the file /app/middleware/TokenVerify.php. The manipulatio...

CWE-3212024

CVE-2024-58134

HIGH

CVSS:8.1(High)

Mojolicious versions from 0.999922 through 9.40 for Perl uses a hard coded string, or the application's class name, as a HMAC session secret by default. These predictable default secrets can be exploi...

CWE-3212024

CVE-2021-38461

HIGH

CVSS:8.2(High)

The affected product uses a hard-coded blowfish key for encryption/decryption processes. The key can be easily extracted from binaries.

CWE-3212021